User ACS for query AD

Rojer-bkk · ‎04-25-2012

Hi Expert,

I have some question about user ACS for query AD. User-id that ACS use for query AD have to be unlock and never expire use-id ? If user-id is locked, ACS still can query as normally? Thank you for sharing.

Tarik Admani · ‎04-26-2012

No the account that connects to ACS to AD is only there to join the domain (create the computer account) if the account is locked it will still be able to authenticate users successfully. However, if the services are ever disrupted or the AD configuration is removed and then re-added then the ability to join the domain will fail.

thanks,

Tarik Admani

Rojer-bkk · ‎04-27-2012

Hi Tarik Admani,

Many thanks for reply. This information don't depend on ACS version, correct? I current use ACS 4.2

Tarik Admani · ‎04-27-2012

Wow, i should have caught that and assumed this was for 5.x. So ACS 4.2 operates differently, it has to be installed on a machine that is joined to your domain. ACS for windows has to run on a server that is a part of your domain or the remote agent has to run to on a machine that is a member of your domain, once the machine is joined to the domain then it should work fine. If you delete the account from AD or you decide to leave the domain through the workstation itself then you will have to provide the domain admin credentials again in order to join one more time.